Due to a known deadlock issue in certain versions of Symantec Endpoint Protection, it is possible for the Tanium Client to spawn processes that can not be killed.
These processes are deadlocked by Symantec in the OS kernel when an anti-virus update is applied.
Antivirus software by design requires periodic updates to maintain it’s effectiveness on a client workstation, and problems may arise unless steps are taken to ensure that the antivirus software can perform updates in a timely manner. EXE" "C:\Program Files (x86)\Symantec\Live Update\LUALL.
Scheduled are used to configure the antivirus software to update in a timeframe where Deep Freeze will not be protecting the workstations. Select Batch File in the Task Type drop down and click Add. Name the event “Symantec Antivirus” in the Name field. Select the frequency for the updates to occur in the Day drop down and set the start and end time for the event. The options “Allow User to Cancel Event”, “Shutdown after Maintenance”, and “Disable Keyboard and Mouse” can be enabled if desired.
This has the advantage of being one of the less difficult methods to configure but does require that the workstations have a period of time where they will not be used and can be configured to update automatically.
We are evaluating the option to replace Sophos AV with SEP 12.1 and are looking for deployment answers as well.
What we know so far is that the SEP Manager Server should be set up to provide definition updates to multiple Group Update Providers (GUP's) on the Windows side and then we "may" need to stand up several Live Update Administrator Servers (LUAS) for the Mac side.